[Resolvido!] Winlogon.exe - Erro aplicativo

Leko.xD · Maio 10, 2010

Há alguns dias vinha dando problema de "a memoria não pode ser rear... " Dai desliguei o pc ontem e hoje ao iniciar apareceu a imagem abaixo:

Imagem Clicando em OK ou em CANCELAR o computaro reinicia, sem clicar a mensagem fica na tela e o pc rodando, mas muito lento.

Segui algumas dicas encontradas em vários topicos, passei o anti virus que uso (AVS) não detectou nada, passei o antivuirus do panda online e detectou - foi removido, baixei o Spyware Doctor e detectou 5 problemas, coloquei pra solucionar, ainda tentei colocar rodar o CD do windows XP e coloquei para reparar e persistiu o problema.esta foi minha ultima tentativa.

Abaixo segue o Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:29:42, on 10/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\vVX3000.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Ze Orlando\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://query.ieconfig.com:8083/config.pac

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Update Service (gupdate1c9aa55352ec26e) (gupdate1c9aa55352ec26e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - (no file)

--

End of file - 5449 bytes

Espero que possam me ajudar, a cada reiniciada fica mais lento e parece que não volta mais.

Desde já obrigado; Leanderson

DigRam · Maio 16, 2010

Bom Dia! Leko.xD

<!> Desinstale:

<1> C:\Arquivos de programas\Pando Networks

<2> C:\Arquivos de programas\IObit\Advanced SystemCare 3

<3> C:\Arquivos de programas\Ask.com

<4> C:\Arquivos de programas\Google

<!> Ps: À cada desinstalação,execute a ferramenta TFC.

0000000000000000000

ooooooooooooooooooo

<@> Baixe: < TFC > ( by Old Timer )

<!> Link - 2 < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html >

<@> Salve-o no desktop!

<@> Feche todos os programas! ( Internet,navegador,etc... )

<@> Execute TFC.exe,com um duplo-clique.

<@> Ps: Para Windows Vista --> Clique direito --> Escolha: Executar como Administrador

<@> Clique em Start --> Aguarde!

<@> Terminando,reinicie o computador...caso a ferramenta não o solicite e dê início ao processo. ( reboot )

0000000000000000000

ooooooooooooooooooo

<@> Baixe: < OTL > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

<@> Clique duplo em: < >

<@> Ps: Sigamos,agora,com sua configuração!

1 - Em "Saída",deixe marcado o botão "Resumida".

2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit!

3 - Processos: Usar SafeList <-- Marque!

4 - Módulos: Usar SafeList <-- Marque!

5 - Serviços: Usar SafeList <-- Marque!

6 - Drivers: Usar SafeList <-- Marque!

7 - Exame Padrão do Registro: Usar SafeList <-- Marque!

8 - Exame Extra do Registro: Usar SafeList <-- Marque!

9 - Verificação de Arquivos:

<!> Data de Criação >> Escolha: 14 dias

<!> Marque: Usar WhiteList para Nomes de Companhias

<!> Marque: Ignorar Arquivos Microsoft

10 - Arquivos Criados Desde:

<!> Marque: Data de Criação

11 - Arquivos Modificados Desde:

<!> Marque: Data de Criação

<!> Marque as caixas:

[] Verificar Lop

[] Verificar Purity

<@> Ps: Sugiro que imprima estas orientações,para posterior leitura.

netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%SYSTEMDRIVE%\*.exe%SYSTEMDRIVE%\eventlog.dll /s /md5%SYSTEMDRIVE%\scecli.dll /s /md5%SYSTEMDRIVE%\netlogon.dll /s /md5%SYSTEMDRIVE%\cngaudit.dll /s /md5%SYSTEMDRIVE%\sceclt.dll /s /md5%SYSTEMDRIVE%\ntelogon.dll /s /md5%SYSTEMDRIVE%\logevent.dll /s /md5%SYSTEMDRIVE%\iaStor.sys /s /md5%SYSTEMDRIVE%\nvstor.sys /s /md5%SYSTEMDRIVE%\atapi.sys /s /md5%SYSTEMDRIVE%\IdeChnDr.sys /s /md5%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> Ps: Copie e cole estas informações,que estão no Code,para o campo abaixo de: Exames Personalizados/Correções

<@> Clique em: Verificar --> Aguarde!

<@> Concluindo,poste:

<1> OTL.txt <--

<2> Extra.txt <--

Abraços!

Leko.xD · Maio 24, 2010

Aqui o Extras.txt

OTL Extras logfile created on: 24/5/2010 18:47:30 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ze Orlando\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

447,00 Mb Total Physical Memory | 103,00 Mb Available Physical Memory | 23,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 29,35 Gb Total Space | 0,89 Gb Free Space | 3,04% Space Free | Partition Type: NTFS

Drive D: | 7,83 Gb Total Space | 4,09 Gb Free Space | 52,24% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOME

Current User Name: Ze Orlando

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = NavigatorHTML] -- Reg Error: Key error. File not found

.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Value error.

https [open] -- Reg Error: Value error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistente para transferência de arquivos e configurações -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:Compartilhamento de aplicativo RTC -- (Microsoft Corporation)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\brazilian\setup.exe" = C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\brazilian\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup -- (Kaspersky Lab)

"C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)

"C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)

"C:\Arquivos de programas\NetMeeting\conf.exe" = C:\Arquivos de programas\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)

"C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\WinDS PRO\DeSmuME\desmume.exe" = C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\WinDS PRO\DeSmuME\desmume.exe:*:Disabled:desmume -- ()

"C:\Arquivos de programas\iTunes\iTunes.exe" = C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Arquivos de programas\Opera\opera.exe" = C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE Basic

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 20

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2D793B70-C130-42D7-943B-43A67335570F}" = Windows Live Proteção para a Família

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B141C08-51E5-4224-81BD-5FC967195734}" = LG USB Modem Driver-MDMS

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EC1177C-E3E8-4CEE-8E9F-E6D4E6F7B2E2}Ze Orlando_is1" = WinDS PRO DSi 2.4.4 Multilang (Ze Orlando)

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{55C6E3F1-21B9-4D7A-98A6-B3E1671F9733}_is1" = Phonesuite ZTC B2 V1.0

"{5BF08C8C-FB06-FA9A-C636-EBBB67172376}" = Avatar

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar

"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53

"{71A3814A-FBDD-4744-A5DD-693DB10E1DDF}_is1" = Uberstaller 2.0.1

"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85E0BA25-A5DE-4499-82C2-B4CE4F513E80}" = Cliente do Windows Rights Management com Service Pack 2

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007

"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Vivo 3G

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{A7B3E313-3472-4847-8D43-25EBD6734241}" = Microsoft LifeCam

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.2 - Português

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA18FD01-4830-45D6-8408-8F20A9D89D95}" = PC Connectivity Solution

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster

"{EC905264-BCFE-423B-9C42-C3A106266790}" = Compatibilidade com Versões Anteriores do Cliente do Windows Rights Management SP2

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)

"4Musics MP3 Bitrate Changer 5.0_is1" = 4Musics MP3 Bitrate Changer 5.0

"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe® Flash® Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0

"Ares" = Ares 2.0.9

"avast5" = avast! Free Antivirus

"AVIConverter" = AVIConverter 5.1.0

"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)

"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pacote de Driver do Windows - Nokia Modem (05/22/2008 3.8)

"Calculadora de impostos Lockerz" = Calculadora de impostos Lockerz

"CCleaner" = CCleaner

"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pacote de Driver do Windows - Nokia Modem (05/24/2007 6.84.0.1)

"com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1" = Avatar

"EPSON Printer and Utilities" = Software para Impressoras EPSON

"FLV Player" = FLV Player 2.0 (build 25)

"FTP Commander" = FTP Commander

"Game Booster_is1" = Game Booster

"Glary Utilities_is1" = Glary Utilities 2.21.0.863

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"Ink Monitor" = Ink Monitor

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma

"Kanji Gold_is1" = Kanji Gold 2.10

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0

"ManyCam" = ManyCam 2.4 (remove only)

"Messenger Plus! Live" = Messenger Plus! Live

"Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin" = Messenger Plus! 3

"MV AntiSpy 4.0_is1" = MV AntiSpy 4.0

"MV RegClean 5.9_is1" = MV RegClean 5.9

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NSS" = Norton Security Scan

"OpenAL" = OpenAL

"PhotoFiltre" = PhotoFiltre

"PhotoScape" = PhotoScape

"Revo Uninstaller" = Revo Uninstaller 1.85

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Total Video Converter 3.02_is1" = Total Video Converter 3.02

"Total Video Converter 3.21_is1" = Total Video Converter 3.20 090114

"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009

"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009

"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0086

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

e aqui o OTL.txt

OTL logfile created on: 24/5/2010 18:47:30 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ze Orlando\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

447,00 Mb Total Physical Memory | 103,00 Mb Available Physical Memory | 23,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 29,35 Gb Total Space | 0,89 Gb Free Space | 3,04% Space Free | Partition Type: NTFS

Drive D: | 7,83 Gb Total Space | 4,09 Gb Free Space | 52,24% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HOME

Current User Name: Ze Orlando

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ze Orlando\desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ze Orlando\desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- File not found

SRV - (hpdj00) -- File not found

SRV - (gupdate1c9aa55352ec26e) Google Update Service (gupdate1c9aa55352ec26e) -- File not found

SRV - (avast! Web Scanner) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (Apple Mobile Device) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (ServiceLayer) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (Adobe LM Service) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (fsssvc) -- C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (SeaPort) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WLSetupSvc) -- C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (MSCamSvc) -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (diskpt) -- C:\WINDOWS\SYSTEM32\drivers\diskpt.sys (SHADOWDEFENDER.COM)

DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys ()

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)

DRV - (EuMusDesignVirtualAudioCableWdm_s2x) Sound2x Audio Cable (WDM) -- C:\WINDOWS\system32\drivers\vacs2xkd.sys (Eugene V. Muzychenko)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation)

DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)

DRV - (ViPrt) -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)

DRV - (ViBus) -- C:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)

DRV - (S3GIGP) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys (S3 Graphics Co., Ltd.)

DRV - (lgusbsmodem) -- C:\WINDOWS\system32\drivers\lgusbsmodem.sys (LG Electronics Inc.)

DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen)

DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen)

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)

DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C EF 7A 25 68 B6 C9 01 [binary data]

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-602162358-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"

FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfig.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfig.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfig.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfigs.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfigs.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfigs.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfigs.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://query.ieconfigs.com:8083/config.pac"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://network.winconfigs.com/"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://network.winconfigs.com/"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://network.winconfigs.com/"

FF - prefs.js..network.proxy.type: 2

FF - prefs.js..network.proxy.autoconfig_url: "http://network.winconfigs.com/"

FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/05/18 14:52:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/24 17:32:59 | 000,000,000 | ---D | M]

[2008/09/28 12:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Extensions

[2009/12/19 00:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions

[2009/06/27 15:50:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/05/05 14:29:14 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}

[2009/02/18 23:38:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2008/11/01 00:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\bkmrksync@nokia.com

[2010/05/08 18:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\LogMeInClient@logmein.com

[2009/12/19 00:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\extensions\toolbar@ask.com

[2009/07/04 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\mbfffv1x.Leko.xD\extensions

[2009/07/03 14:36:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\mbfffv1x.Leko.xD\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/24 17:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions

[2009/07/04 17:12:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/04 15:12:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2010/05/23 18:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}-trash

[2010/03/05 14:20:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/08/05 18:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/05/10 19:23:28 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}

[2010/05/09 20:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\s3octg1a.Novo perfil\extensions\staged-xpis

[2009/03/22 00:40:17 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Mozilla\Firefox\Profiles\2dz42arb.default\searchplugins\live-search.xml

[2010/05/24 17:08:05 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/04/15 17:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

[2009/10/06 06:40:40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npOGPPlugin.dll

[2010/04/01 14:34:02 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/04/01 14:34:02 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/04/01 14:34:02 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/04/01 14:34:02 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/05/09 12:30:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O3 - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\Toolbar\WebBrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [LifeCam] C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-602162358-261478967-839522115-1003..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-602162358-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.46.240.12 201.46.240.13

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/27 15:47:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/05/24 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Desktop\#585 - Brothers cups

[2010/05/24 18:16:14 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ze Orlando\Desktop\OTL.exe

[2010/05/24 18:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\PriceGong

[2010/05/24 17:31:27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ze Orlando\Desktop\TFC.exe

[2010/05/24 13:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Desktop\AOL Saved PFC

[2010/05/24 12:22:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Opera

[2010/05/23 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\AOL

[2010/05/23 19:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Macromedia

[2010/05/23 19:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\AOL

[2010/05/23 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint

[2010/05/23 19:34:59 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Viewpoint

[2010/05/23 19:34:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Software Update Utility

[2010/05/23 19:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\AOL Downloads

[2010/05/23 19:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL OCP

[2010/05/23 19:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\AOL

[2010/05/23 19:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL

[2010/05/23 19:29:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\aol

[2010/05/23 19:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL Downloads

[2010/05/23 18:11:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ze Orlando\Recent

[2010/05/22 21:11:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Phonesuite ZTC B2

[2010/05/22 21:08:38 | 003,935,730 | ---- | C] (ZTC ) -- C:\Documents and Settings\Ze Orlando\Desktop\ZTC_B2_PS sync.exe

[2010/05/22 21:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Desktop\Driver

[2010/05/20 20:43:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft LifeCam

[2010/05/19 20:34:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2010/05/19 20:34:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\PC Connectivity Solution

[2010/05/19 20:28:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nokia

[2010/05/19 13:00:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/05/18 22:07:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ze Orlando\Meus documentos\Arquivos da LifeCam

[2010/05/17 14:04:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\javiusystem.ini

[2010/05/17 13:54:40 | 000,088,576 | ---- | C] (NirSoft) -- C:\WINDOWS\System32\owner.exe

[2010/05/16 12:44:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/15 18:42:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/15 18:42:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/15 18:42:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/15 18:42:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/15 18:39:37 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/05/14 15:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Auslogics

[2010/05/14 15:20:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Auslogics

[2010/05/14 08:59:22 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iPod

[2010/05/14 08:58:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\iTunes

[2010/05/14 08:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/05/14 08:51:22 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\QuickTime

[2010/05/13 12:23:58 | 000,000,000 | ---D | C] -- C:\ProgramLog

[2010/05/13 00:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS

[2010/05/13 00:30:45 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Norton Security Scan

[2010/05/13 00:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207030.022

[2010/05/13 00:30:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\NortonInstaller

[2010/05/13 00:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\ManyCam

[2010/05/13 00:24:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ManyCam 2.4

[2010/05/11 12:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Meus documentos\Downloads

[2010/05/10 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Messenger_Plus_Live_Brazil

[2010/05/10 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\Conduit

[2010/05/10 19:23:40 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Conduit

[2010/05/10 19:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\Messenger_Plus_Live_Brazil

[2010/05/10 19:23:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger_Plus_Live_Brazil

========== Files - Modified Within 14 Days ==========

[2010/05/24 18:54:41 | 004,891,297 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\Viper53.rar

[2010/05/24 18:25:56 | 006,778,249 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\Avidown_HonnouTeam_One_Piece_585.rar

[2010/05/24 18:23:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/05/24 18:16:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ze Orlando\Desktop\OTL.exe

[2010/05/24 18:14:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/24 18:12:43 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C384038A-6F1B-4C9B-A03D-3FE4B894DDA3}.job

[2010/05/24 18:06:15 | 000,002,284 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/24 18:06:15 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2010/05/24 18:06:12 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/24 18:05:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/24 18:05:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/24 18:04:00 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\ntuser.dat

[2010/05/24 18:04:00 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Ze Orlando\ntuser.ini

[2010/05/24 18:03:49 | 008,038,718 | -H-- | M] () -- C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\IconCache.db

[2010/05/24 18:02:06 | 000,000,516 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ze Orlando.job

[2010/05/24 18:01:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/05/24 17:31:28 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ze Orlando\Desktop\TFC.exe

[2010/05/24 16:43:46 | 013,642,035 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\Uniblue.PowerSuite.2010.v2.1.1.0.baixedetudo.net.rar

[2010/05/24 13:55:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/24 13:54:48 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini

[2010/05/23 19:40:33 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

[2010/05/23 19:32:50 | 003,294,354 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\video.mp3

[2010/05/23 19:23:08 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/05/23 17:18:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/05/23 17:15:02 | 000,064,824 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\qw.jpg

[2010/05/23 17:09:46 | 000,474,612 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/05/23 17:09:46 | 000,438,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/23 17:09:46 | 000,081,402 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/05/23 17:09:46 | 000,069,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/23 17:09:45 | 001,077,508 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/23 16:51:47 | 000,145,139 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\Image.jpg

[2010/05/23 16:12:12 | 000,014,336 | -H-- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\photothumb.db

[2010/05/22 22:26:00 | 000,049,912 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\OgAAAFvD55EFVOupg5VVijAuiJeC_EJMQ46WhNNiRtxc1tW-PaokSSD42lAkwa28IHFgJjBCHmb8ADAqnT04EJXAUwwAm1T1UInlpoaDOUoxIhXGtuAxNrm2yeNo.jpg

[2010/05/22 21:11:22 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phonesuite ZTC B2.lnk

[2010/05/22 21:08:01 | 003,936,055 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\MP7drives+PCSync.csc.rar

[2010/05/21 19:08:00 | 082,049,638 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\HinataSou_[AnimeNSK]_B_Gata_H_Kei_07.rar

[2010/05/21 17:34:06 | 078,621,207 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\HinataSou__PA___About__Ichiban_Ushiro_no_Daimaou_05.rar

[2010/05/21 16:18:12 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/19 20:28:37 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk

[2010/05/19 19:49:14 | 000,663,385 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\ulquiorra-arrancar-number-4.jpg

[2010/05/18 17:37:44 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\ntuser.dat.gbck

[2010/05/18 14:21:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\javiusystem.ini

[2010/05/18 13:59:21 | 000,402,972 | ---- | M] () -- C:\WINDOWS\systemffox.exe

[2010/05/17 21:00:23 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/05/17 13:54:40 | 000,088,576 | ---- | M] (NirSoft) -- C:\WINDOWS\System32\owner.exe

[2010/05/15 19:59:52 | 094,816,861 | ---- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\_AnimeForces.com__Live__Densha_Otoko_07.rmvb

[2010/05/15 18:58:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/15 18:39:07 | 003,689,423 | R--- | M] () -- C:\Documents and Settings\Ze Orlando\Desktop\ComboFix.exe

[2010/05/13 00:30:45 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini

[2010/05/11 13:33:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/05/11 13:33:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/05/10 19:17:33 | 002,330,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/05/24 18:25:04 | 006,778,249 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\Avidown_HonnouTeam_One_Piece_585.rar

[2010/05/24 16:38:19 | 013,642,035 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\Uniblue.PowerSuite.2010.v2.1.1.0.baixedetudo.net.rar

[2010/05/24 13:54:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2010/05/23 19:40:33 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe

[2010/05/23 19:32:34 | 003,294,354 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\video.mp3

[2010/05/23 16:51:38 | 000,145,139 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\Image.jpg

[2010/05/23 16:12:09 | 000,014,336 | -H-- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\photothumb.db

[2010/05/23 15:36:40 | 000,064,824 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\qw.jpg

[2010/05/22 22:25:51 | 000,049,912 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\OgAAAFvD55EFVOupg5VVijAuiJeC_EJMQ46WhNNiRtxc1tW-PaokSSD42lAkwa28IHFgJjBCHmb8ADAqnT04EJXAUwwAm1T1UInlpoaDOUoxIhXGtuAxNrm2yeNo.jpg

[2010/05/22 21:11:22 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phonesuite ZTC B2.lnk

[2010/05/22 21:07:33 | 003,936,055 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\MP7drives+PCSync.csc.rar

[2010/05/21 19:04:04 | 082,049,638 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\HinataSou_[AnimeNSK]_B_Gata_H_Kei_07.rar

[2010/05/21 17:23:39 | 078,621,207 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\HinataSou__PA___About__Ichiban_Ushiro_no_Daimaou_05.rar

[2010/05/19 20:28:37 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk

[2010/05/19 19:49:13 | 000,663,385 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\ulquiorra-arrancar-number-4.jpg

[2010/05/19 13:14:03 | 000,000,464 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C384038A-6F1B-4C9B-A03D-3FE4B894DDA3}.job

[2010/05/17 13:54:33 | 000,402,972 | ---- | C] () -- C:\WINDOWS\systemffox.exe

[2010/05/15 19:47:29 | 094,816,861 | ---- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\_AnimeForces.com__Live__Densha_Otoko_07.rmvb

[2010/05/15 18:42:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/15 18:42:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/15 18:42:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/15 18:42:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/15 18:42:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/15 18:38:02 | 003,689,423 | R--- | C] () -- C:\Documents and Settings\Ze Orlando\Desktop\ComboFix.exe

[2010/05/13 00:31:08 | 000,000,516 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Ze Orlando.job

[2010/05/13 00:30:45 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini

[2010/05/09 13:40:25 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009/10/15 23:14:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/10/15 23:14:04 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/10/15 23:14:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/10/15 23:14:03 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/10/15 23:13:55 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/10/15 23:13:55 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/10/15 16:41:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/09/13 22:08:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2009/01/28 12:51:12 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys

[2009/01/12 17:22:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2009/01/03 10:53:49 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS

[2009/01/03 10:53:42 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI

[2008/12/28 20:59:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/09 18:13:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll

[2008/10/16 13:37:12 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI

[2008/10/15 22:09:04 | 000,000,297 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2008/10/06 20:49:32 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2008/10/05 13:14:32 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2008/10/05 13:14:16 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2008/10/05 13:00:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2008/10/03 19:06:20 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC45.ini

[2008/10/02 12:59:00 | 000,004,754 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/09/27 17:29:17 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/06 15:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2010/04/14 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/01/06 21:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

[2010/02/25 14:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DriverScanner

[2009/11/11 09:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2010/05/19 20:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

[2010/02/23 12:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit

[2010/05/10 19:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2010/01/31 16:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

[2009/07/19 12:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters

[2008/10/31 23:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2008/09/28 12:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

[2009/10/05 13:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2008/09/30 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

[2010/05/23 19:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint

[2009/03/15 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/05/14 09:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/12 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/09 20:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2010/05/23 18:19:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2010/05/08 18:55:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{A613CA96-150A-4A1D-90CE-67F81379DF8C}

[2010/05/08 18:55:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

[2009/07/18 10:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\leila\Dados de aplicativos\Ulead Systems

[2010/05/14 15:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Auslogics

[2010/04/03 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1

[2010/03/17 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\DeSmuME

[2010/05/15 18:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\GetRightToGo

[2010/04/06 15:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\GlarySoft

[2010/03/17 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\iDeaS

[2008/10/15 22:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\InterTrust

[2010/02/25 15:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\IObit

[2008/12/14 10:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\LimeWire

[2010/05/13 00:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\ManyCam

[2008/12/11 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Nokia

[2010/01/18 00:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\nswb

[2010/02/03 14:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\OxyCube

[2008/11/01 00:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\PC Suite

[2010/05/24 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\PriceGong

[2009/03/24 12:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Publish Providers

[2010/05/10 14:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\QuickScan

[2010/04/09 14:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Secunia CSI

[2010/04/05 02:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Thinstall

[2008/10/16 13:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Ulead Systems

[2010/05/23 18:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Uniblue

[2010/02/25 15:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\uTorrent

[2010/03/17 17:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\VBA-M

[2009/06/11 18:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ze Orlando\Dados de aplicativos\Vso

[2009/01/14 16:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\Image Zone Express

[2010/05/08 16:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\IObit

[2010/05/24 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\Opera

[2008/11/08 10:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\PC Suite

[2009/02/12 08:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\Ulead Systems

[2010/04/05 12:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\Uniblue

[2009/08/03 01:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zé Orlando\Dados de aplicativos\WhiteSmoke

[2010/05/24 18:06:15 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2008/10/01 02:28:08 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\LifeChatTask.job

[2010/05/10 12:51:54 | 000,032,564 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

[2010/05/24 18:01:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/05/24 18:12:43 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C384038A-6F1B-4C9B-A03D-3FE4B894DDA3}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2010/05/23 19:40:33 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

[2008/04/14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/04/14 09:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 09:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

[2008/04/14 09:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[2008/04/14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:AE9A5120

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5BB923A2

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:888AFB86

< End of report >

DigRam · Maio 25, 2010

Bom Dia! Leko.xD

<!> Desinstale: C:\Arquivos de programas\Viewpoint <--

00000000000000000000

oooooooooooooooooooo

<@> Execute o OTL.exe.

<@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções

:files
C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\Arquivos de programas\Bonjour\mdnsNSP.dll

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Bonjour

C:\WINDOWS\System32\owner.exe

:otl

O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O3 - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-602162358-261478967-839522115-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:AE9A5120

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5BB923A2

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:888AFB86

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar!

<@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <-

<@> Poste,também,HijackThis atualizado.

Abraços!

Leko.xD · Maio 25, 2010

Aqui o Relatorio do OTL

All processes killed

========== FILES ==========

C:\Documents and Settings\Ze Orlando\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.

C:\Arquivos de programas\Bonjour\mdnsNSP.dll moved successfully.

File\Folder C:\Arquivos de programas\Ask.com not found.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\zh_TW.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\zh_CN.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\sv.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ru.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pt_PT.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pt.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pl.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\nl.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\nb.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ko.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ja.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\it.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\fr.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\fi.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\es.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\en_GB.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\en.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\de.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\da.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources folder moved successfully.

C:\Arquivos de programas\Bonjour folder moved successfully.

C:\WINDOWS\System32\owner.exe moved successfully.

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-602162358-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-602162358-261478967-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:AE9A5120 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5BB923A2 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:888AFB86 deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrador

User: All Users

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: HelpAssistant

User: leila

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Ze Orlando

->Flash cache emptied: 1033 bytes

User: Zé Orlando

->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: HelpAssistant

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: leila

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 693274 bytes

User: Ze Orlando

->Temp folder emptied: 3082792 bytes

->Temporary Internet Files folder emptied: 5390581 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 38032944 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Zé Orlando

->Temp folder emptied: 112677 bytes

->Temporary Internet Files folder emptied: 726126 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 44183798 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 505 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 88,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05252010_132317

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Aqui o Relatório do Hijackthis Atualizado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:45:50, on 25/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\vVX3000.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Ze Orlando\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"